diff --git a/README.md b/README.md index 125a153..95cb353 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Expedite -Simple encrypted file transfer service +Simple encrypted file transfer service for humans ## Introduction 
@@ -30,87 +30,243 @@ available servers setup by me instead. Picking the server that is closer to your group of users can help with improving performance and reliability of the transfer. Please open up a pull request if you wish to list your server here. -### Unsecured WebSockets connection - -It is recommended for using the unsecured WebSockets connection only for -testing and debugging purposes. - -- **Mumbai, MH** - `ws://expedite-mumb.apexaltruism.net:6969` - -- **Atlanta, GA** - `ws://expedite-atla.apexaltruism.net:6969` - -### Secured WebSockets connection - -It is recommended for using the secured WebSockets connection for all kinds -of general file sharing purposes. - - **Mumbai, MH** - `wss://expedite-mumb.apexaltruism.net` or `wss://expedite-mumb.apexaltruism.net:443` - [**Grade A - Qualys**](https://www.ssllabs.com/ssltest/analyze.html?d=expedite-mumb.apexaltruism.net) - [**Test Result**](https://github.com/gridhead/expedite/blob/main/data/test-mumb-26072024.txt) - ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/cert-mumb-26072024.png) + `wss://expedite-mumb.gridhead.net` or `wss://expedite-mumb.gridhead.net:443` + [**Grade A - Qualys**](https://www.ssllabs.com/ssltest/analyze.html?d=expedite-mumb.gridhead.net) + [**Grade A - TestSSL**](https://github.com/gridhead/expedite/blob/main/data/test-mumb-12112024.txt) + ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/cert-mumb-12112024.png) - **Atlanta, GA** - `wss://expedite-atla.apexaltruism.net` or `wss://expedite-atla.apexaltruism.net:443` - [**Grade A - Qualys**](https://www.ssllabs.com/ssltest/analyze.html?d=expedite-atla.apexaltruism.net) - [**Test Result**](https://github.com/gridhead/expedite/blob/main/data/test-atla-26072024.txt) - ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/cert-atla-26072024.png) + `wss://expedite-atla.gridhead.net` or `wss://expedite-atla.gridhead.net:443` + [**Grade A - 
Qualys**](https://www.ssllabs.com/ssltest/analyze.html?d=expedite-atla.gridhead.net) + [**Grade A - TestSSL**](https://github.com/gridhead/expedite/blob/main/data/test-atla-12112024.txt) + ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/cert-atla-12112024.png) ## Illustration -### Client - Bridge - Info +### Client + +#### Bridge - Info ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/bridge-info-stat.png) -### Client - Bridge - Delivering - Static +#### Bridge - Delivering - Static ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/bridge-send-stat.png) -### Client - Bridge - Collecting - Static +#### Bridge - Collecting - Static ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/bridge-recv-stat.png) -### Client - Bridge - Delivering - Progress +#### Bridge - Delivering - Progress ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/bridge-send-prog.gif) -### Client - Bridge - Collecting - Progress +#### Bridge - Collecting - Progress ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/bridge-recv-prog.gif) -### Client - Prompt - Help - -![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-help-stat.png) - -### Client - Prompt - Delivering - Help - -![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-send-help.png) - -### Client - Prompt - Collecting - Help - -![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-recv-help.png) - -### Client - Prompt - Delivering - Static - -![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-send-stat.png) - -### Client - Prompt - Collecting - Static - -![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-recv-stat.png) - -### Client - Prompt - Delivering - Progress +#### Prompt - Help + +```shell +(venv) $ ed-prompt --help +``` + +``` +Usage: ed-prompt [OPTIONS] COMMAND [ARGS]... 
+ + Configure the service particulars before starting it + +Options: + -h, --host TEXT Set the address for the service endpoint + [required] + -t, --time INTEGER RANGE Set the expiry period for participants [default: + 150; 5<=x<=300] + -e, --endo TEXT Set the identity of the opposing client + --version Show the version and exit. + --help Show this message and exit. + +Commands: + recv Collect file through an encrypted transfer + send Deliver file through an encrypted transfer +``` + +#### Prompt - Delivering - Help + +```shell +(venv) $ ed-prompt send --help +``` + +``` +Usage: ed-prompt send [OPTIONS] + + Deliver file through an encrypted transfer + +Options: + -p, --pswd TEXT Set the password for delivering encryption + [default: CD87C56C] + -f, --file PATH Set the filepath for delivering to network + [required] + -s, --size INTEGER RANGE Set the unit size for file chunking (in B) + [default: 65536; 1024<=x<=524288] + --help Show this message and exit. +``` + +#### Prompt - Collecting - Help + +```shell +(venv) $ ed-prompt recv --help +``` + +``` +Usage: ed-prompt recv [OPTIONS] + + Collect file through an encrypted transfer + +Options: + -p, --pswd TEXT Set the password for collecting encryption [required] + --help Show this message and exit. +``` + +#### Prompt - Delivering - Static + +```shell +(venv) $ ed-prompt --host wss://expedite-mumb.gridhead.net --time 150 --endo 2E8EC1AC send --pswd PASSWORDINCOMING --size 65536 --file dist/ed-bridge +``` + +``` +[2024-11-12 17:09:02] Expedite Client v0.1.0 +[2024-11-12 17:09:02] Addr. wss://expedite-mumb.gridhead.net +[2024-11-12 17:09:02] Pass. PASSWORDINCOMING +[2024-11-12 17:09:02] Plan. DELIVERING +[2024-11-12 17:09:02] Wait. 150 seconds +[2024-11-12 17:09:02] Please wait for 2E8EC1AC to begin interaction. +[2024-11-12 17:09:02] Attempting to connect to the network. +[2024-11-12 17:09:02] Successfully connected to the network. +[2024-11-12 17:09:02] You are now identified as 14CF663D in the network. 
+[2024-11-12 17:09:02] Attempting pairing with 2E8EC1AC. +[2024-11-12 17:09:02] Starting transmission. +[2024-11-12 17:09:02] Generating cryptography sign. +[2024-11-12 17:09:02] Collecting delivering summon from 2E8EC1AC. +[2024-11-12 17:09:02] Delivering contents for 'ed-bridge' (78.32MB) to 2E8EC1AC. +[2024-11-12 17:09:19] Delivering contents digest for confirmation. +[2024-11-12 17:09:20] Contents integrity verified (Mean 4.36MB/s). +[2024-11-12 17:09:20] Delivering done after 18.12 seconds. +[2024-11-12 17:09:20] Exiting. +``` + +#### Prompt - Collecting - Static + +```shell +(venv) $ ed-prompt --host wss://expedite-mumb.gridhead.net --time 150 --endo 1AAE5935 recv --pswd PASSWORDINCOMING +``` + +``` +[2024-11-12 17:15:10] Expedite Client v0.1.0 +[2024-11-12 17:15:10] Addr. wss://expedite-mumb.gridhead.net +[2024-11-12 17:15:10] Pass. PASSWORDINCOMING +[2024-11-12 17:15:10] Plan. COLLECTING +[2024-11-12 17:15:10] Wait. 150 seconds +[2024-11-12 17:15:10] Please wait for 1AAE5935 to begin interaction. +[2024-11-12 17:15:10] Attempting to connect to the network. +[2024-11-12 17:15:10] Successfully connected to the network. +[2024-11-12 17:15:10] You are now identified as 96B33383 in the network. +[2024-11-12 17:15:10] Attempting pairing with 1AAE5935. +[2024-11-12 17:15:10] Starting transmission. +[2024-11-12 17:15:10] Generating cryptography sign. +[2024-11-12 17:15:10] Delivering collection summon to 1AAE5935. +[2024-11-12 17:15:10] Collecting contents for 'ed-bridge' (78.32MB) from 1AAE5935. +[2024-11-12 17:15:32] Collecting contents digest for confirmation. +[2024-11-12 17:15:32] Contents integrity verified (Mean 3.52MB/s). +[2024-11-12 17:15:32] Collecting done after 22.57 seconds. +[2024-11-12 17:15:32] Exiting. 
+``` + +#### Prompt - Delivering - Progress ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-send-prog.gif) -### Client - Prompt - Collecting - Progress +#### Prompt - Collecting - Progress ![](https://raw.githubusercontent.com/gridhead/expedite/main/data/prompt-recv-prog.gif) -### Server - Broker +### Server -![](https://raw.githubusercontent.com/gridhead/expedite/main/data/brok-stat.png) +#### Help + +```shell +(venv) $ ed-server --help +``` + +``` +Usage: ed-server [OPTIONS] + + Configure the service particulars before starting it + +Options: + -a, --addr TEXT Set the interface for the service endpoint + [default: 127.0.0.1] + -p, --port INTEGER RANGE Set the port value for the service endpoint + [default: 8080; 64<=x<=65535] + --version Show the version and exit. + --help Show this message and exit. +``` + +#### Broker + +```shell +(venv) $ ed-server --addr 0.0.0.0 --port 8181 +``` + +``` +[2024-11-12 17:46:46] Expedite Server v0.1.0 +[2024-11-12 17:46:46] Addr. 0.0.0.0 +[2024-11-12 17:46:46] Port. 8181 +[2024-11-12 17:46:46] server listening on 0.0.0.0:8181 +[2024-11-12 17:48:30] connection open +[2024-11-12 17:48:30] 97939184 joined with the intention of collecting. +[2024-11-12 17:48:30] 97939184 is looking for ACE751B4 for 150 seconds. +[2024-11-12 17:48:51] connection open +[2024-11-12 17:48:51] DEA38DDF joined with the intention of delivering. +[2024-11-12 17:48:51] DEA38DDF is waiting for client for 150 seconds. +[2024-11-12 17:48:52] 97939184 left. +[2024-11-12 17:48:52] connection closed +[2024-11-12 17:49:00] connection open +[2024-11-12 17:49:00] 69988F01 joined with the intention of collecting. +[2024-11-12 17:49:00] 69988F01 is looking for DEA38DDF for 150 seconds. +[2024-11-12 17:49:00] 69988F01 and DEA38DDF are positively paired. +[2024-11-12 17:49:00] 69988F01 is attempting to fetch file contents from DEA38DDF. +[2024-11-12 17:49:03] DEA38DDF is delivering digest to 69988F01. 
+[2024-11-12 17:49:03] 69988F01 is delivering confirmation to DEA38DDF. +[2024-11-12 17:49:03] DEA38DDF left. +[2024-11-12 17:49:03] 69988F01 left. +[2024-11-12 17:49:03] connection closed +[2024-11-12 17:49:03] connection closed +[2024-11-12 17:49:11] connection open +[2024-11-12 17:49:11] 64595E02 joined with the intention of delivering. +[2024-11-12 17:49:11] 64595E02 is waiting for client for 150 seconds. +[2024-11-12 17:49:27] connection open +[2024-11-12 17:49:27] ABBBF4B1 joined with the intention of delivering. +[2024-11-12 17:49:27] ABBBF4B1 is looking for 64595E02 for 150 seconds. +[2024-11-12 17:49:27] ABBBF4B1 and 64595E02 are negatively paired. +[2024-11-12 17:49:27] ABBBF4B1 left. +[2024-11-12 17:49:27] connection closed +[2024-11-12 17:49:27] 64595E02 left. +[2024-11-12 17:49:27] connection closed +[2024-11-12 17:49:41] connection open +[2024-11-12 17:49:41] 58FEEF9C joined with the intention of delivering. +[2024-11-12 17:49:41] 58FEEF9C is looking for 64595E02 for 5 seconds. +[2024-11-12 17:49:46] 58FEEF9C has achieved expiry. +[2024-11-12 17:49:46] 58FEEF9C left. +[2024-11-12 17:49:46] connection closed +[2024-11-12 17:50:03] connection open +[2024-11-12 17:50:03] 58B8F046 joined with the intention of collecting. +[2024-11-12 17:50:03] 58B8F046 is looking for DEA38DDF for 5 seconds. +[2024-11-12 17:50:08] 58B8F046 has achieved expiry. +[2024-11-12 17:50:08] 58B8F046 left. +[2024-11-12 17:50:08] connection closed +... +``` ## Installation @@ -164,6 +320,8 @@ of general file sharing purposes. #### From GitHub +##### Nightly + 1. Visit the **GitHub Actions** page of the project repository. ``` https://github.com/gridhead/expedite/actions 
@@ -181,6 +339,17 @@ of general file sharing purposes. https://github.com/gridhead/expedite/issues ``` +##### Stable + +1. Visit the **GitHub Releases** page of the project repository. + ``` + https://github.com/gridhead/expedite/releases + ``` +2. Please file for bug reports and feature requests based on the stable releases. + ``` + https://github.com/gridhead/expedite/issues + ``` + ## Execution ### Server @@ -267,7 +436,7 @@ of general file sharing purposes. (venv) $ ed-client --host ws://localhost:9090 --time 30 send --file /path/to/file.extn --pswd expedite --size 131072 ``` ``` - [2024-07-06 11:52:10] Expedite Client v0.1.0a2 + [2024-07-06 11:52:10] Expedite Client v0.1.0 [2024-07-06 11:52:10] Addr. ws://localhost:9090 [2024-07-06 11:52:10] Pass. expedite [2024-07-06 11:52:10] Plan. DELIVERING @@ -290,7 +459,7 @@ of general file sharing purposes. (venv) $ ed-client --host ws://localhost:9090 --time 30 --endo DEADCAFE send --file /path/to/file.extn --pswd expedite --size 131072 ``` ``` - [2024-07-06 12:02:09] Expedite Client v0.1.0a2 + [2024-07-06 12:02:09] Expedite Client v0.1.0 [2024-07-06 12:02:09] Addr. ws://localhost:9090 [2024-07-06 12:02:09] Pass. expedite [2024-07-06 12:02:09] Plan. DELIVERING @@ -329,7 +498,7 @@ of general file sharing purposes. (venv) $ ed-client --host ws://localhost:8080 --time 30 recv --pswd expedite ``` ``` - [2024-07-06 12:57:43] Expedite Client v0.1.0a2 + [2024-07-06 12:57:43] Expedite Client v0.1.0 [2024-07-06 12:57:43] Addr. ws://localhost:8080 [2024-07-06 12:57:43] Pass. expedite [2024-07-06 12:57:43] Plan. COLLECTING @@ -350,7 +519,7 @@ of general file sharing purposes. (venv) $ ed-client --host ws://localhost:8080 --time 30 --endo DEADCAFE recv --pswd expedite ``` ``` - [2024-07-06 12:55:30] Expedite Client v0.1.0a2 + [2024-07-06 12:55:30] Expedite Client v0.1.0 [2024-07-06 12:55:30] Addr. ws://localhost:8080 [2024-07-06 12:55:30] Pass. expedite [2024-07-06 12:55:30] Plan. COLLECTING 
diff --git a/data/bridge-info-stat.png b/data/bridge-info-stat.png index 6841e0d..b8ca195 100644 Binary files a/data/bridge-info-stat.png and b/data/bridge-info-stat.png differ diff --git a/data/bridge-recv-prog.gif b/data/bridge-recv-prog.gif index 835d40d..0376268 100644 Binary files a/data/bridge-recv-prog.gif and b/data/bridge-recv-prog.gif differ diff --git a/data/bridge-recv-stat.png b/data/bridge-recv-stat.png index 67e7775..6fe1b40 100644 Binary files a/data/bridge-recv-stat.png and b/data/bridge-recv-stat.png differ diff --git a/data/bridge-send-prog.gif b/data/bridge-send-prog.gif index 3ce824f..29a195a 100644 Binary files a/data/bridge-send-prog.gif and b/data/bridge-send-prog.gif differ diff --git a/data/bridge-send-stat.png b/data/bridge-send-stat.png index b9b3f98..20d6c07 100644 Binary files a/data/bridge-send-stat.png and b/data/bridge-send-stat.png differ diff --git a/data/brok-stat.png b/data/brok-stat.png deleted file mode 100644 index a688b2d..0000000 Binary files a/data/brok-stat.png and /dev/null differ diff --git a/data/cert-atla-26072024.png b/data/cert-atla-12112024.png similarity index 100% rename from data/cert-atla-26072024.png rename to data/cert-atla-12112024.png diff --git a/data/cert-mumb-26072024.png b/data/cert-mumb-12112024.png similarity index 100% rename from data/cert-mumb-26072024.png rename to data/cert-mumb-12112024.png diff --git a/data/prompt-recv-help.png b/data/prompt-recv-help.png deleted file mode 100644 index a3dc5ef..0000000 Binary files a/data/prompt-recv-help.png and /dev/null differ diff --git a/data/prompt-recv-prog.gif b/data/prompt-recv-prog.gif index cc4b617..e745abb 100644 Binary files a/data/prompt-recv-prog.gif and b/data/prompt-recv-prog.gif differ diff --git a/data/prompt-recv-stat.png b/data/prompt-recv-stat.png deleted file mode 100644 index c5a7841..0000000 Binary files a/data/prompt-recv-stat.png and /dev/null differ 
diff --git a/data/prompt-send-help.png b/data/prompt-send-help.png deleted file mode 100644 index 748ef78..0000000 Binary files a/data/prompt-send-help.png and /dev/null differ diff --git a/data/prompt-send-prog.gif b/data/prompt-send-prog.gif index 7a2c27e..56b44be 100644 Binary files a/data/prompt-send-prog.gif and b/data/prompt-send-prog.gif differ diff --git a/data/prompt-send-stat.png b/data/prompt-send-stat.png deleted file mode 100644 index 74bb1b7..0000000 Binary files a/data/prompt-send-stat.png and /dev/null differ diff --git a/data/test-atla-12112024.txt b/data/test-atla-12112024.txt new file mode 100644 index 0000000..6af78b5 --- /dev/null +++ b/data/test-atla-12112024.txt 
@@ -0,0 +1,211 @@ +########################################################### + testssl 3.2rc3 from https://testssl.sh/dev/ + + This program is free software. Distribution and + modification under GPLv2 permitted. + USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! + + Please file bugs @ https://testssl.sh/bugs/ + +########################################################### + + Using "OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)" [~94 ciphers] + on fedohide-origin:/usr/bin/openssl + (built: "Sep 12 00:00:00 2024", platform: "linux-x86_64") + + + Start 2024-11-12 05:25:34 -->> ***.***.***.***:443 (expedite-atla.gridhead.net) <<-- + + rDNS (***.***.***.***): ***-***-***-***-host.colocrossing.com. + Service detected: HTTP + + + Testing protocols via sockets except NPN+ALPN + + SSLv2 not offered (OK) + SSLv3 not offered (OK) + TLS 1 not offered + TLS 1.1 not offered + TLS 1.2 offered (OK) + TLS 1.3 offered (OK): final + NPN/SPDY not offered + ALPN/HTTP2 h2, http/1.1 (offered) + + Testing cipher categories + + NULL ciphers (no encryption) not offered (OK) + Anonymous NULL Ciphers (no authentication) not offered (OK) + Export ciphers (w/o ADH+NULL) not offered (OK) + LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK) + Triple DES Ciphers / IDEA not offered + Obsoleted CBC ciphers (AES, ARIA etc.) offered + Strong encryption (AEAD ciphers) with no FS not offered + Forward Secrecy strong encryption (AEAD ciphers) offered (OK) + + + Testing server's cipher preferences + +Hexcode Cipher Suite Name (OpenSSL) KeyExch. 
Encryption Bits Cipher Suite Name (IANA/RFC) +----------------------------------------------------------------------------------------------------------------------------- +SSLv2 + - +SSLv3 + - +TLSv1 + - +TLSv1.1 + - +TLSv1.2 (server order -- server prioritizes ChaCha ciphers when preferred by clients) + xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + xc0ad ECDHE-ECDSA-AES256-CCM ECDH 253 AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM + xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + xc0ac ECDHE-ECDSA-AES128-CCM ECDH 253 AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM + xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + xc00a ECDHE-ECDSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +TLSv1.3 (server order -- server prioritizes ChaCha ciphers when preferred by clients) + x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 + x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 + x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 + x1304 TLS_AES_128_CCM_SHA256 ECDH 253 AESCCM 128 TLS_AES_128_CCM_SHA256 + + Has server cipher order? 
yes (OK) -- TLS 1.3 and below + + + Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4 + + FS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 + ECDHE-ECDSA-AES128-SHA + Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448 + Finite field group: ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192 + TLS 1.2 sig_algs offered: ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224 + TLS 1.3 sig_algs offered: ECDSA+SHA256 + + Testing server defaults (Server Hello) + + TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "max fragment length/#1" "application layer protocol negotiation/#16" "encrypt-then-mac/#22" "extended master secret/#23" + Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily + SSL Session ID support yes + Session Resumption Tickets: yes, ID: yes + TLS clock skew Random values, no fingerprinting possible + Certificate Compression none + Client Authentication none + Signature Algorithm ECDSA with SHA384 + Server key size EC 256 bits (curve P-256) + Server key usage Digital Signature + Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication + Serial 032949A41F4938FAF4C1DBAA984F965F6380 (OK: length 18) + Fingerprints SHA1 7FA23560DDD26C28EF497C286F59F411C367F61F + SHA256 10772449545FC60A04A177BB84611F12BCB2FBA179B5675AEEC6DB23E2A2ECD9 + Common Name (CN) *.gridhead.net (CN in response to request w/o SNI: *.apexaltruism.net ) + subjectAltName (SAN) *.gridhead.net gridhead.net + Trust (hostname) Ok via SAN wildcard and CN wildcard (SNI mandatory) + Chain of trust basename: extra operand ‘/etc/pki/tls/fips_local.cnf’ +Try 'basename 
--help' for more information. +"/etc/pki/tls/*.pem" cannot be found / not readable + EV cert (experimental) no + Certificate Validity (UTC) 62 >= 30 days (2024-10-16 05:05 --> 2025-01-14 05:05) + ETS/"eTLS", visibility info not present + Certificate Revocation List -- + OCSP URI http://e5.o.lencr.org + OCSP stapling not offered + OCSP must staple extension -- + DNS CAA RR (experimental) not offered + Certificate Transparency yes (certificate extension) + Certificates provided 2 + Issuer E5 (Let's Encrypt from US) + Intermediate cert validity #1: ok > 40 days (2027-03-12 23:59). E5 <-- ISRG Root X1 + Intermediate Bad OCSP (exp.) Ok + + + Testing HTTP header response @ "/" + + HTTP Status Code 426 Upgrade Required. Oh, didn't expect "426 Upgrade Required" + HTTP clock skew -35 sec from localtime + Strict Transport Security not offered + Public Key Pinning -- + Server banner Python/3.12 websockets/12.0 + Application banner -- + Cookie(s) (none issued at "/") -- maybe better try target URL of 30x + Security headers Upgrade: websocket + Reverse Proxy banner -- + + + Testing vulnerabilities + + Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension + CCS (CVE-2014-0224) not vulnerable (OK) + Ticketbleed (CVE-2016-9244), experiment. 
not vulnerable (OK) + ROBOT Server does not support any cipher suites that use RSA key transport + Secure Renegotiation (RFC 5746) supported (OK) + Secure Client-Initiated Renegotiation not vulnerable (OK) + CRIME, TLS (CVE-2012-4929) not vulnerable (OK) + BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested + POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support + TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered + SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) + FREAK (CVE-2015-0204) not vulnerable (OK) + DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) + no RSA certificate, thus certificate can't be used with SSLv2 elsewhere + LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 + BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 + LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches + Winshock (CVE-2014-6321), experimental not vulnerable (OK) + RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) + + + Running client simulations (HTTP) via sockets + + Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy +------------------------------------------------------------------------------------------------ + Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 256 bit ECDH (P-256) + Android 7.0 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 253 bit ECDH (X25519) + Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Android 11 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Android 12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + IE 6 XP No connection + IE 8 Win 7 No connection + IE 8 XP No connection + IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 253 bit ECDH (X25519) + Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Safari 12.1 (iOS 12.2) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256 253 bit ECDH (X25519) + Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256 253 bit ECDH (X25519) + Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Java 7u25 
No connection + Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 256 bit ECDH (P-256) + Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + LibreSSL 2.8.3 (Apple) TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 253 bit ECDH (X25519) + OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 253 bit ECDH (X25519) + OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + OpenSSL 3.0.3 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Apple Mail (16.0) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + + + Rating (experimental) + + Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) + Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide + Protocol Support (weighted) 100 (30) + Key Exchange (weighted) 100 (30) + Cipher Strength (weighted) 90 (36) + Final Score 96 + Overall Grade A + Grade cap reasons Grade capped to A. HSTS is not offered + + Done 2024-11-12 05:28:32 [ 182s] -->> ***.***.***.***:443 (expedite-atla.gridhead.net) <<-- + \ No newline at end of file diff --git a/data/test-atla-26072024.txt b/data/test-atla-26072024.txt deleted file mode 100644 index 79229f7..0000000 --- a/data/test-atla-26072024.txt +++ /dev/null 
@@ -1,181 +0,0 @@ -##################################################################### - testssl.sh version 3.0.9 from https://testssl.sh/ - - This program is free software. Distribution and modification under - GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! - - Please file bugs @ https://testssl.sh/bugs/ - -##################################################################### - - Using bash 5.2.26. OpenSSL 1.0.2-bad (1.0.2k-dev) [~179 ciphers] - on archdesk:./bin/openssl.Linux.x86_64 - (built: Sep 1 14:03:44 2022, platform: linux-x86_64) - - Start 2024-07-26 09:50:59 -->> ***.***.***.***:443 (expedite-atla.apexaltruism.net) <<-- - - rDNS (***.***.***.***): ***-***-***-***-host.colocrossing.com. - Service detected: HTTP - - - Testing protocols via sockets except NPN+ALPN - - SSLv2 not offered (OK) - SSLv3 not offered (OK) - TLS 1 not offered - TLS 1.1 not offered - TLS 1.2 offered (OK) - TLS 1.3 offered (OK): final - NPN/SPDY not offered - ALPN/HTTP2 h2, http/1.1 (offered) - - Testing cipher categories - - NULL ciphers (no encryption) not offered (OK) - Anonymous NULL Ciphers (no authentication) not offered (OK) - Export ciphers (w/o ADH+NULL) not offered (OK) - LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK) - Triple DES Ciphers / IDEA not offered - Obsolete CBC ciphers (AES, ARIA etc.) offered - Strong encryption (AEAD ciphers) offered (OK) - - - Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 - - PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448 - Finite field group: ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192 - - Testing server preferences - - Has server cipher order? 
yes (OK) -- TLS 1.3 and below - Negotiated protocol TLSv1.3 - Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Cipher order - TLSv1.2: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA - TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 - - - Testing server defaults (Server Hello) - - TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "supported_groups/#10" "max fragment length/#1" "application layer protocol negotiation/#16" - "encrypt-then-mac/#22" "extended master secret/#23" - Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily - SSL Session ID support yes - Session Resumption Tickets: yes, ID: yes - TLS clock skew Random values, no fingerprinting possible - Signature Algorithm ECDSA with SHA384 - Server key size EC 256 bits - Server key usage Digital Signature - Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication - Serial 03E4F5F4193B80C23260316A3DAD48FEB7C2 (OK: length 18) - Fingerprints SHA1 C586B26696875DF4194D3888AC43F7098FD3A247 - SHA256 27466B5CC0E6909FF9EB05601432F275A5F6F5594B834DC30AFFBACBF798855E - Common Name (CN) *.apexaltruism.net - subjectAltName (SAN) *.apexaltruism.net apexaltruism.net - Issuer E6 (Let's Encrypt from US) - Trust (hostname) Ok via SAN wildcard (same w/o SNI) - Chain of trust Ok - EV cert (experimental) no - ETS/"eTLS", visibility info not present - Certificate Validity (UTC) 89 >= 30 days (2024-07-25 14:57 --> 2024-10-23 14:57) - # of certificates provided 2 - Certificate Revocation List -- - OCSP URI http://e6.o.lencr.org - OCSP stapling not offered - OCSP must staple extension -- - DNS CAA RR (experimental) not offered - Certificate Transparency yes (certificate 
extension) - - - Testing HTTP header response @ "/" - - HTTP Status Code 426 Upgrade Required. Oh, didn't expect "426 Upgrade Required" - HTTP clock skew -12 sec from localtime - Strict Transport Security not offered - Public Key Pinning -- - Server banner Python/3.12 websockets/12.0 - Application banner -- - Cookie(s) (none issued at "/") -- maybe better try target URL of 30x - Security headers Upgrade: websocket - Reverse Proxy banner -- - - - Testing vulnerabilities - - Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension - CCS (CVE-2014-0224) not vulnerable (OK) - Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK) - ROBOT Server does not support any cipher suites that use RSA key transport - Secure Renegotiation (RFC 5746) supported (OK) - Secure Client-Initiated Renegotiation not vulnerable (OK) - CRIME, TLS (CVE-2012-4929) not vulnerable (OK) - BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested - POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support - TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered - SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) - FREAK (CVE-2015-0204) not vulnerable (OK) - DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) - no RSA certificate, thus certificate can't be used with SSLv2 elsewhere - LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 - BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 - LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches - RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) - - - Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength - -Hexcode Cipher Suite Name (OpenSSL) KeyExch. 
Encryption Bits Cipher Suite Name (IANA/RFC) ------------------------------------------------------------------------------------------------------------------------------ - x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 - x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 - xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 - xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - - - Running client simulations (HTTP) via sockets - - Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Android 7.0 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) - Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Android 11 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Android 12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - IE 6 XP No connection - 
IE 8 Win 7 No connection - IE 8 XP No connection - IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) - Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Safari 12.1 (iOS 12.2) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 253 bit ECDH (X25519) - Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 253 bit ECDH (X25519) - Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Java 7u25 No connection - Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) - Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - LibreSSL 2.8.3 (Apple) TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519) - OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) - OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - OpenSSL 3.0.3 (git) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Apple Mail (16.0) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - - Done 2024-07-26 09:55:57 [ 332s] -->> ***.***.***.***:443 (expedite-atla.apexaltruism.net) <<-- diff --git a/data/test-mumb-12112024.txt b/data/test-mumb-12112024.txt new file mode 100644 index 0000000..5d9becb --- /dev/null +++ b/data/test-mumb-12112024.txt 
@@ -0,0 +1,211 @@ +########################################################### + testssl 3.2rc3 from https://testssl.sh/dev/ + + This program is free software. Distribution and + modification under GPLv2 permitted. + USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! + + Please file bugs @ https://testssl.sh/bugs/ + +########################################################### + + Using "OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)" [~94 ciphers] + on fedohide-origin:/usr/bin/openssl + (built: "Sep 12 00:00:00 2024", platform: "linux-x86_64") + + + Start 2024-11-12 05:22:18 -->> ***.***.***.***:443 (expedite-mumb.gridhead.net) <<-- + + rDNS (***.***.***.***): -- + Service detected: HTTP + + + Testing protocols via sockets except NPN+ALPN + + SSLv2 not offered (OK) + SSLv3 not offered (OK) + TLS 1 not offered + TLS 1.1 not offered + TLS 1.2 offered (OK) + TLS 1.3 offered (OK): final + NPN/SPDY not offered + ALPN/HTTP2 not offered + + Testing cipher categories + + NULL ciphers (no encryption) not offered (OK) + Anonymous NULL Ciphers (no authentication) not offered (OK) + Export ciphers (w/o ADH+NULL) not offered (OK) + LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK) + Triple DES Ciphers / IDEA not offered + Obsoleted CBC ciphers (AES, ARIA etc.) offered + Strong encryption (AEAD ciphers) with no FS not offered + Forward Secrecy strong encryption (AEAD ciphers) offered (OK) + + + Testing server's cipher preferences + +Hexcode Cipher Suite Name (OpenSSL) KeyExch. 
Encryption Bits Cipher Suite Name (IANA/RFC) +----------------------------------------------------------------------------------------------------------------------------- +SSLv2 + - +SSLv3 + - +TLSv1 + - +TLSv1.1 + - +TLSv1.2 (server order -- server prioritizes ChaCha ciphers when preferred by clients) + xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + xc0ad ECDHE-ECDSA-AES256-CCM ECDH 253 AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM + xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + xc0ac ECDHE-ECDSA-AES128-CCM ECDH 253 AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM + xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + xc00a ECDHE-ECDSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + xc009 ECDHE-ECDSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +TLSv1.3 (server order -- server prioritizes ChaCha ciphers when preferred by clients) + x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 + x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 + x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 + x1304 TLS_AES_128_CCM_SHA256 ECDH 253 AESCCM 128 TLS_AES_128_CCM_SHA256 + + Has server cipher order? 
yes (OK) -- TLS 1.3 and below + + + Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4 + + FS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-CCM TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES128-CCM + Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448 + Finite field group: ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192 + TLS 1.2 sig_algs offered: ECDSA+SHA256 ECDSA+SHA384 ECDSA+SHA512 ECDSA+SHA224 + TLS 1.3 sig_algs offered: ECDSA+SHA256 + + Testing server defaults (Server Hello) + + TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "max fragment length/#1" "encrypt-then-mac/#22" "extended master secret/#23" + Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily + SSL Session ID support yes + Session Resumption Tickets: yes, ID: yes + TLS clock skew Random values, no fingerprinting possible + Certificate Compression none + Client Authentication none + Signature Algorithm ECDSA with SHA384 + Server key size EC 256 bits (curve P-256) + Server key usage Digital Signature + Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication + Serial 032949A41F4938FAF4C1DBAA984F965F6380 (OK: length 18) + Fingerprints SHA1 7FA23560DDD26C28EF497C286F59F411C367F61F + SHA256 10772449545FC60A04A177BB84611F12BCB2FBA179B5675AEEC6DB23E2A2ECD9 + Common Name (CN) *.gridhead.net (CN in response to request w/o SNI: *.apexaltruism.net ) + subjectAltName (SAN) *.gridhead.net gridhead.net + Trust (hostname) Ok via SAN wildcard and CN wildcard (SNI mandatory) + Chain of trust basename: extra operand ‘/etc/pki/tls/fips_local.cnf’ +Try 'basename --help' 
for more information. +"/etc/pki/tls/*.pem" cannot be found / not readable + EV cert (experimental) no + Certificate Validity (UTC) 62 >= 30 days (2024-10-16 05:05 --> 2025-01-14 05:05) + ETS/"eTLS", visibility info not present + Certificate Revocation List -- + OCSP URI http://e5.o.lencr.org + OCSP stapling not offered + OCSP must staple extension -- + DNS CAA RR (experimental) not offered + Certificate Transparency yes (certificate extension) + Certificates provided 2 + Issuer E5 (Let's Encrypt from US) + Intermediate cert validity #1: ok > 40 days (2027-03-12 23:59). E5 <-- ISRG Root X1 + Intermediate Bad OCSP (exp.) Ok + + + Testing HTTP header response @ "/" + + HTTP Status Code 426 Upgrade Required. Oh, didn't expect "426 Upgrade Required" + HTTP clock skew -1 sec from localtime + Strict Transport Security not offered + Public Key Pinning -- + Server banner Python/3.12 websockets/12.0 + Application banner -- + Cookie(s) (none issued at "/") -- maybe better try target URL of 30x + Security headers Upgrade: websocket + Reverse Proxy banner -- + + + Testing vulnerabilities + + Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension + CCS (CVE-2014-0224) not vulnerable (OK) + Ticketbleed (CVE-2016-9244), experiment. 
not vulnerable (OK) + ROBOT Server does not support any cipher suites that use RSA key transport + Secure Renegotiation (RFC 5746) supported (OK) + Secure Client-Initiated Renegotiation not vulnerable (OK) + CRIME, TLS (CVE-2012-4929) not vulnerable (OK) + BREACH (CVE-2013-3587) no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested + POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support + TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered + SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) + FREAK (CVE-2015-0204) not vulnerable (OK) + DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) + no RSA certificate, thus certificate can't be used with SSLv2 elsewhere + LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 + BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 + LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches + Winshock (CVE-2014-6321), experimental not vulnerable (OK) + RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) + + + Running client simulations (HTTP) via sockets + + Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy +------------------------------------------------------------------------------------------------ + Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 256 bit ECDH (P-256) + Android 7.0 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 253 bit ECDH (X25519) + Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Android 11 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Android 12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + IE 6 XP No connection + IE 8 Win 7 No connection + IE 8 XP No connection + IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 253 bit ECDH (X25519) + Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Safari 12.1 (iOS 12.2) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256 253 bit ECDH (X25519) + Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256 253 bit ECDH (X25519) + Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Java 7u25 
No connection + Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 256 bit ECDH (P-256) + Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + LibreSSL 2.8.3 (Apple) TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 253 bit ECDH (X25519) + OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 253 bit ECDH (X25519) + OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + OpenSSL 3.0.3 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + Apple Mail (16.0) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 256 bit ECDH (P-256) + Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519) + + + Rating (experimental) + + Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) + Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide + Protocol Support (weighted) 100 (30) + Key Exchange (weighted) 100 (30) + Cipher Strength (weighted) 90 (36) + Final Score 96 + Overall Grade A + Grade cap reasons Grade capped to A. HSTS is not offered + + Done 2024-11-12 05:23:24 [ 70s] -->> ***.***.***.***:443 (expedite-mumb.gridhead.net) <<-- + \ No newline at end of file diff --git a/data/test-mumb-26072024.txt b/data/test-mumb-26072024.txt deleted file mode 100644 index 33687cd..0000000 --- a/data/test-mumb-26072024.txt +++ /dev/null 
@@ -1,182 +0,0 @@ -##################################################################### - testssl.sh version 3.0.9 from https://testssl.sh/ - - This program is free software. Distribution and modification under - GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! - - Please file bugs @ https://testssl.sh/bugs/ - -##################################################################### - - Using bash 5.2.26. OpenSSL 1.0.2-bad (1.0.2k-dev) [~179 ciphers] - on archdesk:./bin/openssl.Linux.x86_64 - (built: Sep 1 14:03:44 2022, platform: linux-x86_64) - - Start 2024-07-26 09:45:14 -->>***.***.***.***:443 (expedite-mumb.apexaltruism.net) <<-- - - rDNS (***.***.***.***): -- - Service detected: HTTP - - - Testing protocols via sockets except NPN+ALPN - - SSLv2 not offered (OK) - SSLv3 not offered (OK) - TLS 1 not offered - TLS 1.1 not offered - TLS 1.2 offered (OK) - TLS 1.3 offered (OK): final - NPN/SPDY not offered - ALPN/HTTP2 not offered - - Testing cipher categories - - NULL ciphers (no encryption) not offered (OK) - Anonymous NULL Ciphers (no authentication) not offered (OK) - Export ciphers (w/o ADH+NULL) not offered (OK) - LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK) - Triple DES Ciphers / IDEA not offered - Obsolete CBC ciphers (AES, ARIA etc.) offered - Strong encryption (AEAD ciphers) offered (OK) - - - Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 - - PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-CCM TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES128-CCM - Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448 - Finite field group: ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192 - - Testing server preferences - - Has server cipher order? 
yes (OK) -- TLS 1.3 and below - Negotiated protocol TLSv1.3 - Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Cipher order - TLSv1.2: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-CCM ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-CCM ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA - TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256 - - - Testing server defaults (Server Hello) - - TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "supported_groups/#10" "max fragment length/#1" "encrypt-then-mac/#22" "extended master secret/#23" - Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily - SSL Session ID support yes - Session Resumption Tickets: yes, ID: yes - TLS clock skew Random values, no fingerprinting possible - Signature Algorithm ECDSA with SHA384 - Server key size EC 256 bits - Server key usage Digital Signature - Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication - Serial 03E4F5F4193B80C23260316A3DAD48FEB7C2 (OK: length 18) - Fingerprints SHA1 C586B26696875DF4194D3888AC43F7098FD3A247 - SHA256 27466B5CC0E6909FF9EB05601432F275A5F6F5594B834DC30AFFBACBF798855E - Common Name (CN) *.apexaltruism.net - subjectAltName (SAN) *.apexaltruism.net apexaltruism.net - Issuer E6 (Let's Encrypt from US) - Trust (hostname) Ok via SAN wildcard (same w/o SNI) - Chain of trust Ok - EV cert (experimental) no - ETS/"eTLS", visibility info not present - Certificate Validity (UTC) 89 >= 30 days (2024-07-25 14:57 --> 2024-10-23 14:57) - # of certificates provided 2 - Certificate Revocation List -- - OCSP URI http://e6.o.lencr.org - OCSP stapling not offered - OCSP must staple extension -- - DNS CAA RR (experimental) not offered - Certificate Transparency yes (certificate 
extension) - - - Testing HTTP header response @ "/" - - HTTP Status Code 426 Upgrade Required. Oh, didn't expect "426 Upgrade Required" - HTTP clock skew 0 sec from localtime - Strict Transport Security not offered - Public Key Pinning -- - Server banner Python/3.12 websockets/12.0 - Application banner -- - Cookie(s) (none issued at "/") -- maybe better try target URL of 30x - Security headers Upgrade: websocket - Reverse Proxy banner -- - - - Testing vulnerabilities - - Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension - CCS (CVE-2014-0224) not vulnerable (OK) - Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK) - ROBOT Server does not support any cipher suites that use RSA key transport - Secure Renegotiation (RFC 5746) supported (OK) - Secure Client-Initiated Renegotiation not vulnerable (OK) - CRIME, TLS (CVE-2012-4929) not vulnerable (OK) - BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested - POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support - TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered - SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) - FREAK (CVE-2015-0204) not vulnerable (OK) - DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) - no RSA certificate, thus certificate can't be used with SSLv2 elsewhere - LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 - BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 - LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches - RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) - - - Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength - -Hexcode Cipher Suite Name (OpenSSL) KeyExch. 
Encryption Bits Cipher Suite Name (IANA/RFC) ------------------------------------------------------------------------------------------------------------------------------ - x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384 - x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 - xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - xc00a ECDHE-ECDSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - xc0ad ECDHE-ECDSA-AES256-CCM ECDH 253 AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM - x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256 - x1304 TLS_AES_128_CCM_SHA256 ECDH 253 AESCCM 128 TLS_AES_128_CCM_SHA256 - xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - xc009 ECDHE-ECDSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - xc0ac ECDHE-ECDSA-AES128-CCM ECDH 253 AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM - - - Running client simulations (HTTP) via sockets - - Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) - Android 7.0 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Android 8.1 (native) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) - Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Android 11 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Android 12 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Chrome 101 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Firefox 66 (Win 8.1/10) TLSv1.3 
TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Firefox 100 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - IE 6 XP No connection - IE 8 Win 7 No connection - IE 8 XP No connection - IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) - Edge 101 Win 10 21H2 TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Safari 12.1 (iOS 12.2) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 253 bit ECDH (X25519) - Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 253 bit ECDH (X25519) - Safari 15.4 (macOS 12.3.1) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Java 7u25 No connection - Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) - Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - LibreSSL 2.8.3 (Apple) TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519) - OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519) - OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - OpenSSL 3.0.3 (git) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - Apple Mail (16.0) TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256) - Thunderbird (91.9) TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) - - Done 2024-07-26 09:46:48 [ 143s] -->> ***.***.***.***:443 (expedite-mumb.apexaltruism.net) <<-- 
diff --git a/expedite/client/prompt/main.py b/expedite/client/prompt/main.py index afdf79e..f816bc2 100644 --- a/expedite/client/prompt/main.py +++ b/expedite/client/prompt/main.py @@ -57,6 +57,7 @@ def work() -> None: @group( name="expedite", + help="Configure the service particulars before starting it", context_settings={"show_default": True}, ) @option( diff --git a/expedite/server/main.py b/expedite/server/main.py index 4d1011c..9d1da53 100644 --- a/expedite/server/main.py +++ b/expedite/server/main.py @@ -47,6 +47,7 @@ def work() -> None: @command( name="expedite", + help="Configure the service particulars before starting it", context_settings={"show_default": True}, ) @option( diff --git a/pyproject.toml b/pyproject.toml index 4334c24..78b9f00 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,7 +1,7 @@ [tool.poetry] name = "expedite" version = "0.1.0" -description = "Simple encrypted file transfer service" +description = "Simple encrypted file transfer service for humans" authors = ["Akashdeep Dhar "] license = "GPL-3.0-or-later" maintainers = ["Akashdeep Dhar "] @@ -9,7 +9,7 @@ readme = "README.md" homepage = "https://github.com/gridhead/expedite" repository = "https://github.com/gridhead/expedite" documentation = "https://github.com/gridhead/expedite/blob/main/README.md" -keywords = ["file", "transfer", "delivering", "collecting"] +keywords = ["websockets", "file", "transfer", "delivering", "collecting"] classifiers= [ "Development Status :: 4 - Beta", "Environment :: X11 Applications :: Qt",
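Review bot: In data/test-mumb-12112024.txt the "Chain of trust" row holds a tool error rather than a result (`basename: extra operand '/etc/pki/tls/fips_local.cnf'`, then `"/etc/pki/tls/*.pem" cannot be found / not readable`), so this scan never validated the chain, whereas the deleted data/test-mumb-26072024.txt recorded `Chain of trust Ok`. The README links this file as the evidence behind the TestSSL grade, so please rerun testssl on a host where it can read its CA bundles and commit that output instead. The same report shows `CN in response to request w/o SNI: *.apexaltruism.net` with `Trust (hostname) ... (SNI mandatory)`: the listener's default certificate is still the old domain's, so a client that sends no SNI gets a hostname mismatch. Either make the gridhead.net certificate the default or state the SNI requirement next to the server list. The file also ends without a trailing newline.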
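Review bot: The `help=` string added to `@group(` in expedite/client/prompt/main.py is word for word the one added to `@command(` in expedite/server/main.py ("Configure the service particulars before starting it"), so `--help` output no longer tells a user whether they are looking at the client or the server entry point. "Service" fits the server; for the client group, suggest wording that names the client and its role, and keep the server text as is.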